Options
All
  • Public
  • Public/Protected
  • All
Menu

Interface SecurityScriptBuilder

A builder that can be used to create scripts for use with updateSecurityStore.

Facilitates producing scripts that control the assignment of permissions to roles. From Diffusion 6.5, script builders are no longer immutable. Each builder operation mutates this script builder and returns it.

Hierarchy

  • SecurityScriptBuilder

Index

Methods

build

  • build(): string
  • Create the script string.

    Returns string

    the script

deisolatePath

  • Re-instate inheritance of path permission assignments from parents of the given path.

    throws

    a NullValueError if path is null or undefined

    see

    SecurityScriptBuilder.isolatePath

    since

    6.5

    Parameters

    • path: string

      the path

    Returns SecurityScriptBuilder

    this builder, modified to re-instate the inheritance of path permission assignments from parents of the given path

isolatePath

  • Set a path not to inherit path permissions from its parent paths or the default path permissions.

    By default, a path without specific SecurityScriptBuilder.setPathPermissions path permission assignments inherits the permission assignments from the first parent path that has them. If neither the path nor any of its parent paths have permission assignments, the default path permissions are used.

    throws

    a NullValueError if path is null or undefined

    since

    6.5

    Parameters

    • path: string

      the path

    Returns SecurityScriptBuilder

    this builder, modified to isolate the given path in the path hierarchy

removePathPermissions

  • Remove any previously assigned permissions from a particular path for a given role.

    This is different from setting no permissions to a path. By removing permissions set for a path, permissions will be inherited from the nearest set of permissions that have been assigned higher in the path hierarchy or from the default path permissions if no more specific permissions are found.

    throws

    a NullValueError if any of the arguments are null or undefined

    Parameters

    • role: string

      the role to remove path permissions from.

    • path: string

      the path path to remove permissions from.

    Returns SecurityScriptBuilder

    the builder to allow chaining

setDefaultPathPermissions

  • Set the default permissions that a particular role will have for paths.

    throws

    a NullValueError if any of the arguments are null or undefined

    Parameters

    • role: string

      the role to set path permissions for.

    • Optional permissions: string[]

      the path permissions to assign for the role, default = [].

    Returns SecurityScriptBuilder

    the builder to allow chaining

setGlobalPermissions

  • Set the global permissions assigned to a particular role.

    throws

    a NullValueError if any of the arguments are null or undefined

    Parameters

    • role: string

      the role to set global permissions for.

    • Optional permissions: string[]

      the permissions to assign globally for a role, default = [].

    Returns SecurityScriptBuilder

    the builder to allow chaining

setPathPermissions

  • Sets specific path permissions for a named role.

    When permissions are assigned to a role for a path they will apply to the path and any paths below the specified path. Path-scoped permissions are assigned to roles for specific paths. The permission assignment applies to all descendant paths, unless there is a more specific assignment.

    To evaluate whether a session has permission for a path, the server starts at that path and searches up the tree to find the nearest permissions assignment. The first assignment is the only one considered, even if the session has roles involved in assignments further up the hierarchy.

    throws

    a NullValueError if any of the arguments are null or undefined

    Parameters

    • role: string

      the role to assign permissions for.

    • path: string

      the path to assign permissions.

    • Optional permissions: string[]

      the permissions to assign to the role for the specified path. Any empty array (the default) or no argument would specify that the role has no permissions at this path, which differs from there being no permissions assigned for that path (see SecurityScriptBuilder.removePathPermissions).

    Returns SecurityScriptBuilder

    the builder to allow chaining

setRoleIncludes

  • Specify a set of a roles that another role should inherit permissions from.

    throws

    a NullValueError if any of the arguments are null or undefined

    Parameters

    • role: string

      the role

    • roles: string[]

      the set of roles to inherit from.

    Returns SecurityScriptBuilder

    the builder to allow chaining

setRoleLockedByPrincipal

  • Restrict a role so it can only be edited by a specific principal.

    throws

    a NullValueError if any of the arguments are null or undefined

    since

    6.4

    Parameters

    • role: string

      the role

    • lockingPrincipal: string

      the locking principal

    Returns SecurityScriptBuilder

    this builder, modified to lock a role to a single principal that can edit it

setRolesForAnonymousSessions

  • Sets the roles to be assigned by default to all anonymous sessions.

    throws

    a NullValueError if roles is null or undefined

    Parameters

    • Optional roles: string[]

    Returns SecurityScriptBuilder

    the builder to allow chaining

setRolesForNamedSessions

  • Sets the roles to be assigned by default to all sessions that authenticate with a principal.

    throws

    a NullValueError if roles is null or undefined

    Parameters

    • Optional roles: string[]

      the roles to be assigned. Any empty array (the default), or no argument, will result in named sessions being assigned no roles by default.

    Returns SecurityScriptBuilder

    the builder to allow chaining